Contents

Security Now 303: Password Haystacks

Security Update

Apple issues Security Update for MacDefender
May 31st / Security Update 2011-003 / 2.1 MB
http://support.apple.com/kb/HT4657
Malware removal:
Available for: Mac OS X v10.6.7, Mac OS X Server v10.6.7 (ONLY THE LATEST versions of Snow Leopard; earlier releases are not supported)
Impact: Remove the MacDefender malware if detected
Description: The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.
Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651
<quote> Security Update 2011-003 provides additional protection by checking for the MacDefender malware and its known variants. If MacDefender malware is found, the system will quit this malware, delete any persistent files, and correct any modifications made to configuration or login files. After MacDefender is identified and removed, the message below will be displayed the next time an administrator account logs in. </quote>

IE "CookieJacking": Potential Session Cookie Hijack (session cookie hijacking is what Firesheep did over open Wi-Fi; this does it through the browser)
Affects ANY version of Windows or IE
Demoed by researcher Rosario Valotta at the Hack In The Box conference in Amsterdam
Requires Drag & Drop by the victim within a specially crafted page, so it takes a little social engineering
His Facebook "Puzzle App" (the drag-and-drop puzzle was the lure) collected 80 Facebook session cookies from 180 of his Facebook "friends".
Uses iFrames and IE's Security Zones.
Microsoft was notified on January 28th & believed it was fixed in IE9, but it's still broken there.
http://www.networkworld.com/community/blog/ie-flaw-could-allow-hackers-access-your-faceb

Google Speeds Up SSL
http://www.darknet.org.uk/2011/05/google-proposes-way-to-speed-up-ssl-handshake/
SSL "False Start"
Jumps the gun and starts sending data BEFORE the final "SSL Finished" message has been received from the server.
"Finished" validates the entire handshake to date (it is a MAC over every handshake message both sides have seen) and is sent under the agreed cipher spec. Normally the client waits for the server's Finished before sending anything, which costs a full extra round trip; False Start saves that round trip by sending application data in the same flight as the client's own Finished.
The catch: at that moment the client has not yet confirmed that the server saw the same handshake it did, so an active attacker who altered the negotiation (e.g. to a weaker cipher suite) would not be detected until after the first data had already been encrypted and sent. That is why the draft only permits False Start when the negotiated cipher, key exchange and client certificate type are on a whitelist: whatever an attacker can force the client into must still be strong enough to protect that early data.
From Google's Draft to the IETF:
<quote> When the client has sent its "ChangeCipherSpec" and "Finished" messages, its default behavior following [RFC5246] is not to send application data until it has received the server's "ChangeCipherSpec" and "Finished" messages, which completes the handshake. With the False Start protocol modification, the client MAY send application data earlier (under the new Cipher Spec) if each of the following conditions is satisfied:
The application layer has requested the TLS False Start option.
The symmetric cipher defined by the cipher suite negotiated in this handshake has been whitelisted for use with False Start according to the Security Considerations in Section 6.1.
The key exchange method defined by the cipher suite negotiated in this handshake has been whitelisted for use with False Start according to the Security Considerations in Section 6.2.
In the case of a handshake with client authentication, the client certificate type has been whitelisted for use with False Start according to the Security Considerations in Section 6.2. </quote>
https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00
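To make the ordering concrete, here is a small simulation of the handshake flights with and without False Start. This is an added example written for these notes, not code from Google's draft or from any TLS library; the cipher-suite table, the whitelist values (forward-secret key exchange, at least 128-bit keys) and the fixed "master secret" are constructed assumptions, and the real key exchange is not modelled. It shows the round trip saved, shows the whitelist refusing False Start for a plain RSA suite, and shows the failure mode the whitelist exists for: an attacker rewriting the ServerHello to an export suite is caught by the Finished check either way, but a client that skips the whitelist has already sent its first request under RC4-40 by the time the handshake aborts.

```python
import hashlib
import hmac

# Constructed cipher-suite table: name -> (key exchange, symmetric cipher, key bits).
SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": ("ECDHE", "AES-128-GCM", 128),
    "TLS_RSA_WITH_AES_128_CBC_SHA": ("RSA", "AES-128-CBC", 128),
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": ("RSA_EXPORT", "RC4-40", 40),
}

# Assumed False Start whitelist. The draft delegates the concrete lists to its
# Security Considerations; these values are this example's policy, not the draft's.
FS_KEY_EXCHANGE = {"ECDHE", "DHE"}      # forward-secret key exchanges only
FS_MIN_KEY_BITS = 128                   # no export / short-key ciphers
FS_CLIENT_CERT_TYPES = {None, "rsa_sign"}

MASTER_SECRET = b"constructed-master-secret"  # key exchange is not modelled here


def false_start_allowed(suite, app_requested=True, client_cert_type=None,
                        enforce_whitelist=True):
    """The draft's four conditions: the application opted in, and the cipher,
    key exchange and client-certificate type are all whitelisted.
    enforce_whitelist=False models a naive client that only honours the opt-in."""
    if not app_requested:
        return False
    if not enforce_whitelist:
        return True
    kx, _cipher, bits = SUITES[suite]
    return (bits >= FS_MIN_KEY_BITS and kx in FS_KEY_EXCHANGE
            and client_cert_type in FS_CLIENT_CERT_TYPES)


def finished(transcript):
    """Finished = PRF(master_secret, hash(all handshake messages seen so far))."""
    digest = hashlib.sha256("|".join(transcript).encode()).digest()
    return hmac.new(MASTER_SECRET, digest, hashlib.sha256).digest()


def handshake(server_choice, false_start, tamper_to=None, enforce_whitelist=True):
    """Simulate one full handshake. tamper_to models an active attacker rewriting
    the cipher suite in the ServerHello on the wire. Returns how many round trips
    passed before the client first sent application data, under which suite it
    encrypted that data, and whether the handshake was ultimately aborted."""
    client_view, server_view = [], []
    result = {"rtt_before_data": None, "data_suite": None, "aborted": False}

    # Flight 1 (C->S): ClientHello listing the offered suites
    hello = "ClientHello:" + ",".join(SUITES)
    client_view.append(hello)
    server_view.append(hello)

    # Flight 2 (S->C): ServerHello ... ServerHelloDone; the attacker may rewrite it
    server_view.append("ServerHello:" + server_choice)
    seen = tamper_to or server_choice
    client_view.append("ServerHello:" + seen)

    # Flight 3 (C->S): ClientKeyExchange, ChangeCipherSpec, Finished
    client_view.append("ClientKeyExchange")
    server_view.append("ClientKeyExchange")
    client_fin = finished(client_view)
    if false_start and false_start_allowed(seen, enforce_whitelist=enforce_whitelist):
        # False Start: application data rides along with Finished after 1 RTT,
        # encrypted under the suite the client *believes* was negotiated.
        result["rtt_before_data"], result["data_suite"] = 1, seen
    # The server checks the client's Finished against its own transcript
    if not hmac.compare_digest(client_fin, finished(server_view)):
        result["aborted"] = True
        return result

    # Flight 4 (S->C): ChangeCipherSpec, Finished; the client checks it likewise
    if not hmac.compare_digest(finished(server_view), finished(client_view)):
        result["aborted"] = True
        return result

    # Without False Start the client sends its first data only now, after 2 RTT
    if result["rtt_before_data"] is None:
        result["rtt_before_data"], result["data_suite"] = 2, seen
    return result


if __name__ == "__main__":
    ecdhe = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    weak = "TLS_RSA_EXPORT_WITH_RC4_40_MD5"
    print("honest, False Start:      ", handshake(ecdhe, True))
    print("honest, no False Start:   ", handshake(ecdhe, False))
    print("tampered, whitelist on:   ", handshake(ecdhe, True, tamper_to=weak))
    print("tampered, whitelist off:  ", handshake(ecdhe, True, tamper_to=weak,
                                                  enforce_whitelist=False))
```

The last two runs are the point: both abort when the Finished MACs disagree, but only the whitelisted client has nothing on the wire when that happens. In the real protocol the server's Finished also fails to verify at the client, so the connection is torn down from both ends; what False Start changes is only whether any application data was already committed before that check.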